DETAILED ACTION

1. Preliminary Amendment, received on 3 January 2006, has been entered into
record. In this amendment, claim 1 has been cancelled and claims 2-16 have been 
added. 

2. Claims 2-16 are presented for examination.

Priority 

3. The claim for priority from PCT/DE04/01252 filed on 17 June 2004 is duly noted. 

4. Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which
papers have been placed of record in the file. 

Specification 

5. The disclosure is objected to because it contains an embedded hyperlink and/or 
other form of browser-executable code. Applicant is required to delete the embedded 
hyperlink and/or other form of browser-executable code. See MPEP § 608.01.

6. The disclosure is objected to because of the following informalities: in paragraph 
0010, line 4: "is allowed is" should read -is allowed are-. 

Appropriate correction is required. 



Claim Objections 

7. Claims 2, 5, and 13-16 are objected to because of the following informalities: 
a. In claim 2, line 19: "first files" is unclear if it relates to "first file" (claim 2,
line 12); 

b. In claim 2, line 21: "a second file" is unclear if it relates to "a second file"
(claim 2, line 14); 

c. In claim 5, line 2: "a secret key" is unclear if it relates to "a secret key" 
(claim 2, line 5); 

d. In claim 13, line 9: "respective management information" is unclear if it 
relates to "respective management information" (claim 13, line 5); 

e. In claim 13, line 13: "the personal locker" is unclear if it relates to "a 
personal locker" (claim 2, line 19) or "a respective personal locker" (claim 13, line 
13); 

f. In claim 13, line 16: "another user" is unclear if it relates to "another user" 
(claim 2, line 21); 

g. In claim 13, line 23: "a plurality of other users" is unclear if it relates to "a 
plurality of other users" (claim 2, line 28); 

h. In claim 14, line 6: "the public key" lacks antecedent basis; 

i. In claim 15, lines 1-2: "a provisioning locker" is unclear if it relates to "a 
provisioning locker" (claim 2, line 21); 

j. Claim 16 is objected to because it depends on a cancelled claim. For the 
purposes of examination, the examiner asserts that the applicant intended for it 
to be dependent on claim 14, and it has been treated as such for the remainder 
of this office action. 
Drawings

8. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4)
because reference character "1" has been used to designate both main folder (0014, 
line 2) and Main Locker (Figure 3). Corrected drawing sheets in compliance with 37 
CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. Each drawing sheet submitted after the filing date of an application must be 
labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 
CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be
notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

11. Claims 2-10, and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable
over de Jong et al. (US 2004/0054750 A1 and de Jong hereinafter) and in view of 
Challener (US 2003/0174842 A1). 

As to claim 2, de Jong discloses a system and method for digital content access control, 
the system and method having: 

accessing the server over an internet (0081, lines 16-17); 

sending, by the server (i.e. provisioner), a client program (i.e. tokens) 
to a first local computer of the first user, the client program enabling an 
authentication of the first user using the user certificate and a transmission 
of at least one further security requirement (0127, lines 1-3, 5-10);

setting up a personal main folder (i.e. content repository) on the server 
for the first user, the main folder having a first file (i.e. content rights 
database) including a first security requirement defined for the main folder 
and first management information so as to provide a main locker, the main 
folder being configured to have at least one further folder (i.e. content 
associated with request) set up therein, the at least one further folder having 
a function and a second file including a second security requirement (i.e.
token) defined for the at least one further folder and including second 
management information so as to provide a functional locker, the 
functional locker being displayed only if at least one security-relevant 
requirement is met so as to provide a locker system having a virtual 
character (0098, lines 9-14; 0099, lines 4-13, 16-19), the functional locker 
providing a function of at least one of: a personal locker, first files being 
storable in the personal locker only by the first user and displayable only to 
the first user; a provisioning locker, a first reference (i.e. URL) to a second 
file for another user being storable by the first user therein (0109, lines 2-3; 
0110, lines 1-6); a receiving locker for a third file of a sender user of the
users, the receiving locker being configured, when opened, to provide to 
the first user a sender user reference relating to the storage of the third file 
and to a sender user defined security requirement; and a public locker 
configured to store, by the first user, the first reference to the second file 
when the first reference is stored in the provisioning locker, which, when 
the first reference is intended for a plurality of other users. 
De Jong does not disclose: 

upon request, issuing, by an operator of the server, to a first user of 
the users a user certificate for access conditions, and providing the user 
certificate and a secret key to the first user. 
Nonetheless, this feature is well known in the art and would have been an obvious
modification of the teachings disclosed by de Jong, as evidenced by Challener. 
Challener discloses a system and method for managing private keys, the system and 
method having: 

upon request, issuing, by an operator of the server (i.e. CA), to a first 
user of the users a user certificate for access conditions, and providing the 
user certificate and a secret key to the first user (0005, lines 1-7). 
Given the teaching of Challener, a person having ordinary skill in the art at the time of 
the invention would have readily recognized the desirability and advantages of 
modifying the teachings of de Jong with the teachings of Challener by providing a user 
with a certificate and key. Challener recites motivation by disclosing that using 
encryption is a well known method of providing security for communications between 
two computers in a network (0004, lines 7-8). It is obvious that the teachings of 
Challener would have improved the teachings of de Jong by providing for encryption in 
order to secure communications. 

As to claim 3, de Jong does not disclose: 

wherein the certificate includes a public key. 

Nonetheless, this feature is well known in the art and would have been an obvious 
modification of the teachings disclosed by de Jong, as evidenced by Challener. 
Challener discloses: 

wherein the certificate includes a public key (0005, lines 1-3). 
Given the teaching of Challener, a person having ordinary skill in the art at the time of
the invention would have readily recognized the desirability and advantages of 
modifying the teachings of de Jong with the teachings of Challener by using a public key 
in a certificate. Challener recites motivation by disclosing that using a public key in a 
certificate allows all parties to access the public key (0005, lines 5-6). It is obvious that 
the teachings of Challener would have improved the teachings of de Jong by using a 
certificate with a key in order to allow all parties to have access to the key. 

As to claim 4, de Jong does not disclose: 

providing a public key to the first user. 

Nonetheless, this feature is well known in the art and would have been an obvious 
modification of the teachings disclosed by de Jong, as evidenced by Challener. 
Challener discloses: 

providing a public key to the first user (0005, lines 4-6). 
Given the teaching of Challener, a person having ordinary skill in the art at the time of 
the invention would have readily recognized the desirability and advantages of 
modifying the teachings of de Jong with the teachings of Challener by providing a public 
key to a user. Please refer to the motivation recited above in respect to claim 2 as to 
why it is obvious to apply the teachings of Challener to the teachings of de Jong. 



As to claim 5, de Jong does not disclose: 
wherein the providing the user certificate and a secret key to the first
user is performed by providing the user certificate and a secret key on a 
smart card. 

Nonetheless, this feature is well known in the art and would have been an obvious 
modification of the teachings disclosed by de Jong, as evidenced by Challener. 
Challener discloses: 

wherein the providing the user certificate and a secret key to the first
user is performed by providing the user certificate and a secret key on a
smart card (0008, lines 1-3).
Given the teaching of Challener, a person having ordinary skill in the art at the time of 
the invention would have readily recognized the desirability and advantages of 
modifying the teachings of de Jong with the teachings of Challener by providing key 
information on a smart card. Challener recites motivation by disclosing that smart cards 
are small and can hold memory and logic (0008, lines 1-2). It is obvious that the 
teachings of Challener would have improved the teachings of de Jong by providing key 
information on a smart card in order to provide security using a small device. 

As to claim 6, de Jong discloses: 

wherein the at least one further security requirement includes at 
least one of a biometric system requirement, a geographic positioning 
requirement, a time restriction, a network requirement, and a computer 
data requirement (0098, lines 19-22). 
As to claim 7, de Jong discloses:

wherein the at least one further security requirement includes a time 
dependency (0164, lines 2-5). 

As to claim 8, de Jong discloses: 

wherein the at least one security-relevant requirement is a 
requirement of the operator of the server, the first user, and the sender (i.e. 
user of one or more users) of the third file (0098, lines 4-8, 19-22).

As to claim 9, de Jong discloses: 

wherein the provisioning locker has a name associated therewith
(0110, lines -6).

As to claim 10, de Jong discloses: 

wherein the provisioning locker includes a user locker for the 
another user (Abstract, lines 9-10). 

As to claim 13, de Jong discloses: 

wherein the first user is a user registered with the server, and further 
comprising setting up a second personal main folder on the server for a 
second user registered with the server, the second main folder having a 
respective first file including a respective first security requirement defined
for the respective main folder and respective management information so 
as to provide a respective locker, each respective main folder being 
configured to have respective further folders set up therein, the respective 
further folders each having a respective function and each having a 
respective second file including a respective second security requirement 
defined for the respective further folder and including respective 
management information, each of the further folders acting as a respective 
functional locker, each functional locker being displayed only if a 
respective security-relevant requirement is met, so as to provide a 
respective locker system having a virtual character (0098, lines 9-14; 0099, 
lines 4-13, 16-19), each functional locker providing a respective function of 
at least one of: a respective personal locker, respective first files being 
storable in the personal locker only by the respective user and displayable 
only to the respective user; a respective provisioning locker, a respective 
first reference to a respective second file for another user being storable by 
the respective user therein (0109, lines 2-3; 0110, lines 1-6); a respective 
receiving locker for a respective third file of a respective sender user of the 
users, the respective receiving locker being configured, when opened, to 
provide to the respective user a respective sender user reference relating 
to the storage of the respective third file and to a respective sender user 
defined security requirement; and a respective public locker configured to 
store, by the first user, the first reference to the second file when the first
reference is stored in the provisioning locker, which, when the first 
reference is intended for a plurality of other users. 

The examiner notes that the process of claim 13 uses the similar process of claim 2 to 
create a second instance. It would have been obvious to one of ordinary skill in the art 
at the time the invention was made to repeat the same process of claim 2 to create 
another instance of the folder because a mere duplication only involves routine skill in 
the art. 

12. Claims 14-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over de 
Jong in view of Challener as applied to claim 2 above, and further in view of Perlman 
(US Patent 5,901,227).

As to claim 14, de Jong in view of Challener discloses: 

encrypting the data using the access key (0004, lines 8-10); 

encrypting, by the server, the transmitted encrypted data a second 
time (0032, lines 5-8; 0033, lines 8-10). 
Given the teaching of Challener, a person having ordinary skill in the art at the time of 
the invention would have readily recognized the desirability and advantages of 
modifying the teachings of de Jong with the teachings of Challener by encrypting data 
with a key. Please refer to the motivation recited above in respect to claim 2 as to why 
it is obvious to apply the teachings of Challener to the teachings of de Jong. 
De Jong in view of Challener does not disclose: 
storing a fourth file in the functional locker only if the second
security requirement is met; 

generating a random number from data of the fourth file so as to 
provide an access key; 

subsequently encrypting the access key with the public key and then 
destroying the access key so that the access key, for accessing the stored 
file, can only be recovered using the secret key; 

transmitting, to the server, the encrypted data, fourth management 
information of the fourth file, and the encrypted access key; 

generating a unique file identifier for the fourth file; 

storing the fourth file in a system locker using the file identifier; 

storing a fourth reference to the fourth file in the functional locker, 
the fourth reference including the file identifier, the encrypted access key, 
and the fourth management information. 
Nonetheless, these features are well known in the art and would have been an obvious 
modification of the teachings disclosed by de Jong in view of Challener, as evidenced 
by Perlman. 

Perlman discloses a system and method for implementing partial and complete optional 
key escrow, the system and method having: 

storing a fourth file in the functional locker only if the second
security requirement (i.e. minimum fulfilled) is met (col. 5, lines 55-57; col. 6,
lines 10-14);
generating a random number (i.e. nonce) from data of the fourth file
so as to provide an access key (col. 1, lines 29-30). It would have been
obvious to one of ordinary skill in the art at the time the invention was made to 
derive a random number from data since it is known in the art that linking data 
content to encryption increases security. 

subsequently encrypting the access key with the public key and then 
destroying the access key so that the access key, for accessing the stored 
file, can only be recovered using the secret key (col. 4, lines 44-45, 47-49); 

transmitting, to the server, the encrypted data, fourth management
information of the fourth file, and the encrypted access key (col. 5, lines 29-36);

generating a unique file identifier (i.e. UID) for the fourth file (i.e. 
escrow information) (col. 6, lines 46-48); 

storing the fourth file in a system locker using the file identifier (col. 
5, lines 55-57; col. 6, lines 32-33); 

storing a fourth reference to the fourth file in the functional locker, 
the fourth reference including the file identifier, the encrypted access key, 
and the fourth management information (col. 5, lines 31-36). 
Given the teaching of Perlman, a person having ordinary skill in the art at the time of the 
invention would have readily recognized the desirability and advantages of modifying 
the teachings of de Jong in view of Challener with the teachings of Perlman by 
transferring a hidden key and storing information. Perlman recites motivation by 
disclosing that encrypting keys ensures that the information is safe from an
eavesdropper (col. 1, lines 43-45) and storing information using a pointer so that the
information can be shared (col. 6, lines 19-22). It is obvious that the teachings of 
Perlman would have improved the teachings of de Jong in view of Challener by 
transferring a hidden key and storing information so that the information can be 
protected while being shared. 

As to claim 15, de Jong in view of Challener discloses:

wherein the functional locker is a provisioning locker including a 
user file (i.e. messages) for the another user (0024, lines 5-7), and further 
comprising enabling the stored fourth file to be forwarded by the first user 
to the another user only if the first user decrypts the encrypted access key 
with the secret key and re-encrypts the decrypted access key with a 
second public key of the another user (0033, lines 4-10), and the
re-encrypted access key, the file identifier and the fourth management
information, are stored as the fourth reference to the file into the user 
locker (0027, lines 11-14; 0033, lines 10-12). 
Given the teaching of Challener, a person having ordinary skill in the art at the time of 
the invention would have readily recognized the desirability and advantages of 
modifying the teachings of de Jong with the teachings of Challener by re-encrypting the 
key and storing it with information. Challener recites motivation by disclosing that 
encrypting the key assures an administrator that the information is sent only to an 
authorized client (0035, lines 10-12). It is obvious that the teachings of Challener would
have improved the teachings of de Jong by storing a re-encrypted key in order to 
ensure the integrity of the key. 

As to claim 16, de Jong in view of Challener does not disclose:

wherein the second management information includes a 
management requirement, and wherein the storing the fourth file is 
performed only if the management requirement is met. 

Nonetheless, this feature is well known in the art and would have been an obvious 
modification of the teachings disclosed by de Jong in view of Challener, as evidenced 
by Perlman. 
Perlman discloses: 

wherein the second management information includes a
management requirement, and wherein the storing the fourth file (i.e.
escrow information) is performed only if the management requirement is met
(col. 5, lines 55-57; col. 6, lines 10-14).
Given the teaching of Perlman, a person having ordinary skill in the art at the time of the 
invention would have readily recognized the desirability and advantages of modifying 
the teachings of de Jong in view of Challener with the teachings of Perlman by storing 
information only if a requirement is met. Perlman recites motivation by disclosing that 
only information that follows certain requirements, such as the requirements of a 
government (col. 6, lines 13-14) can be used. It is obvious that the teachings of 
Perlman would have improved the teachings of de Jong in view of Challener by storing
information if a condition is met in order to ensure compliance with regulations. 

13. Claims 11-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over de
Jong in view of Challener as applied to claim 2 above, and further in view of Winiger et 
al. (US 2004/0010715 A1 and Winiger hereinafter). 
As to claim 11, de Jong in view of Challener does not disclose:

wherein the receiving locker has a name associated with the sender 
of the third file. 

Nonetheless, this feature is well known in the art and would have been an obvious 
modification of the teachings disclosed by de Jong in view of Challener, as evidenced 
by Winiger. 

Winiger discloses a system and method for specifying a repository for an authentication 
token, the system and method having: 

wherein the receiving locker has a name associated with the sender
(i.e. user) of the third file (i.e. password) (0039, lines 7-8).
Given the teaching of Winiger, a person having ordinary skill in the art at the time of the 
invention would have readily recognized the desirability and advantages of modifying 
the teachings of de Jong in view of Challener with the teachings of Winiger by using a 
name associated with data. Winiger recites motivation by disclosing that the use of 
identification information such as a name enables a system to perform operations such 
as a password change (0039, lines 3-7). It is obvious that the teachings of Winiger 
would have improved the teachings of de Jong in view of Challener by associating a
name with data in order to provide for operations such as password changes. 

As to claim 12, de Jong in view of Challener does not disclose:

wherein the receiving locker includes a user locker for the sender
user.

Nonetheless, this feature is well known in the art and would have been an obvious 
modification of the teachings disclosed by de Jong in view of Challener, as evidenced 
by Winiger. 
Winiger discloses: 

wherein the receiving locker includes a user locker (i.e. storage of 
password in repository) for the sender user (0030, lines 3-4). 
Given the teaching of Winiger, a person having ordinary skill in the art at the time of the 
invention would have readily recognized the desirability and advantages of modifying 
the teachings of de Jong in view of Challener with the teachings of Winiger by providing 
for a locker for a user. Winiger recites motivation by disclosing that storing a token with 
which to compare inputted information allows for authentication (0004, lines 7-13). It is 
obvious that the teachings of Winiger would have improved the teachings of de Jong in 
view of Challener by providing a locker for a user in which to store data so that the 
information can be used for authentication. 
Conclusion

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Sarah Su whose telephone number is (571) 270-3835. 
The examiner can normally be reached on Monday through Friday 7:30AM-5:00PM 
EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Sarah Su/ 

Examiner, Art Unit 2131 



/Christopher A. Revak/ 
Primary Examiner, Art Unit 2131 



